From b7d963a9700ffd280cab47f4255fd26c748d9a95 Mon Sep 17 00:00:00 2001
From: Evy Bongers
Date: Tue, 4 Jan 2022 15:42:41 +0100
Subject: [PATCH 1/4] Make use of special chars configurable

---
 roles.tf | 3 +--
 variables.tf | 5 +++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles.tf b/roles.tf
index 816fd2f..cc1a1f1 100644
--- a/roles.tf
+++ b/roles.tf
@@ -2,7 +2,7 @@ resource "random_password" "role" {
 for_each = var.roles
 
 length = 48
- special = false
+ special = var.password_special_chars
 }
 
 resource "postgresql_role" "role" {
@@ -134,4 +134,3 @@ resource "postgresql_grant" "role_rw" {
 objects = []
 with_grant_option = false
 }
-
diff --git a/variables.tf b/variables.tf
index fa8c8b8..d2359ca 100644
--- a/variables.tf
+++ b/variables.tf
@@ -4,3 +4,8 @@ variable "roles" {
 databases_rw = list(string)
 }))
 }
+
+variable "password_special_chars" {
+ type = bool
+ default = true
+}
From 9668baa08de02a97aaf765b7bbd89439cdc4375d Mon Sep 17 00:00:00 2001
From: Evy Bongers
Date: Tue, 4 Jan 2022 16:47:47 +0100
Subject: [PATCH 2/4] Add default values

---
 roles.tf | 12 ++++++++++--
 variables.tf | 5 -----
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/roles.tf b/roles.tf
index cc1a1f1..d766e16 100644
--- a/roles.tf
+++ b/roles.tf
@@ -1,8 +1,16 @@
 resource "random_password" "role" {
 for_each = var.roles
 
- length = 48
- special = var.password_special_chars
+ length = 48
+ min_lower = 0
+ min_number = 0
+ min_special = 0
+ min_upper = 0
+
+ lower = true
+ number = true
+ special = false
+ upper = true
 }
 
 resource "postgresql_role" "role" {
diff --git a/variables.tf b/variables.tf
index d2359ca..fa8c8b8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -4,8 +4,3 @@ variable "roles" {
 databases_rw = list(string)
 }))
 }
-
-variable "password_special_chars" {
- type = bool
- default = true
-}
From 22293c49ad5c84b10b489979a54e3a33c29a4ecc Mon Sep 17 00:00:00 2001
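Review bot: In PATCH 1/4 the new `password_special_chars` variable in variables.tf defaults to `true`, while the line it replaces in roles.tf was `special = false`, so any caller that does not set the variable silently gets a different generator setting. As far as I know the random provider replaces a `random_password` when `special` changes, which would regenerate every role password on the next apply; `default = false` keeps existing deployments unchanged and makes the new behaviour opt-in. The variable also has no `description`; adding `description = "Whether generated role passwords may contain special characters."` would document it. The `random_password` block in roles.tf starts outside the first hunk.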
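Review bot: The explicit `min_* = 0` and `lower`/`number`/`upper = true` lines added to roles.tf in PATCH 2/4 restate what look like provider defaults, and nothing in the block says why they are spelled out or that `special = false` is a deliberate choice. A short comment above them, such as `# Explicit generator settings: 48 characters, letters and digits only`, would stop a later reader from deleting them as noise. With every `min_*` at 0 the only strength guarantee left is `length = 48`, which is worth saying in that comment. This commit also removes `var.password_special_chars` again, which the subject line "Add default values" does not mention.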
From: Evy Bongers
Date: Tue, 4 Jan 2022 16:48:06 +0100
Subject: [PATCH 3/4] Ignore mismatching password requirements

---
 roles.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles.tf b/roles.tf
index d766e16..3b9bda0 100644
--- a/roles.tf
+++ b/roles.tf
@@ -11,6 +11,10 @@ resource "random_password" "role" {
 number = true
 special = false
 upper = true
+
+ lifecycle {
+ ignore_changes = [lower, number, special, upper]
+ }
 }
 
 resource "postgresql_role" "role" {
From 039450c348b8b035a477f9ac9f79348747b5911f Mon Sep 17 00:00:00 2001
From: Evy Bongers
Date: Tue, 4 Jan 2022 16:49:38 +0100
Subject: [PATCH 4/4] Fix typo

---
 roles.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles.tf b/roles.tf
index 3b9bda0..1d85cb0 100644
--- a/roles.tf
+++ b/roles.tf
@@ -3,7 +3,7 @@ resource "random_password" "role" {
 
 length = 48
 min_lower = 0
- min_number = 0
+ min_numeric = 0
 min_special = 0
 min_upper = 0
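Review bot: The `ignore_changes = [lower, number, special, upper]` list added in PATCH 3/4 means a later edit to any of those four character-class settings will plan cleanly without regenerating the passwords, so the configuration can state a policy that the stored passwords do not meet. `length` and the `min_*` arguments are not in the list, so changing them would presumably still force replacement, which makes the behaviour inconsistent across arguments. Put a comment inside the `lifecycle` block stating the intent and how to rotate, for example `# Passwords created under older settings are kept; replace the resource explicitly to rotate under the current policy`. The `random_password` block begins outside the hunk.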